Rogue devices can attach to a wireless network, we've talked about this. And data transferring between the wired and the wireless networks can be captured. You may be able to send information through your cellular phone because you're tethering, using it as your network connection. We can capture that data because that data may not be encrypted the same way that a protocol transfer on the wire is between secure endpoints in your network. The protocols are different, the security regime is different. And although you may not realize it, using your cellular phone as a tethered wireless access point or modem may actually expose data unnecessarily. Because it may not be secured at the same level and with the same protections that a wired connection may. These are all potential security issues that SSCPs should be aware of and we should take steps to avoid. How do we search for rogue access points? We can use a network vulnerability scanner with signatures that specifically scan for MAC addresses. There are lots of them out there, Cain and Abel is one. Network Chemistry has a great scanner that will allow you to do that, called Packetyzer, and it will pick up access points and tell you which ones are around. They've got a Bluetooth plugin that works really well, as well. There's all sorts of programs out there that can do that. So you could go around with a laptop or handheld unit that has software that will analyze wireless transmissions. I often, when I do wireless surveys, will just walk around with my laptop or my mobile device. I could do it with my phone now, it's so much easier. Used to have to walk around with my big laptop like this, walking through the hallway trying to find stuff. But today, I can use a tablet, I can use my cell phone. All I have to do is walk around and see which signals I pick up and where, and I can quickly map out the wireless map of a building. If I'm a bad actor and I walk in, and I'm there to, quote unquote, do some social engineering, perhaps some surveying, as the precursor to a penetration test. And we'll find out more about that over time as we continue our conversations here. But if I'm here to do that, I may be able to go in, and I may be able to map out the wireless network and see where the wireless access points are, right? And when I do that, what I can do is I can walk around with my phone under the pretext of being there in the waiting room to make a phone call. Hey, where's the bathroom? Let me just go do that real quick before my meeting. And I can wander around outside, figure out who's got wireless, which ones are open. And now I know which ones I can connect to from outside the building. I can just go back outside, never show up for my meeting, and when I do that, I can then go ahead and try to hack in and connect. So it's not hard to do, and these rogue access points present a significant liability for companies, something that we really have to be aware of and really focus on. Locking down the enterprise, as I said, can include lots of things. It may include MAC address filtering on not just wireless devices, but also on switches, so that we only allow certain devices to connect to certain ports, or certain ports to be used for certain kinds of traffic. This is something that can be done, and we want to be aware of this as well. We also want to talk about the idea of war dialing and war driving, two very significant and important concepts that we should be aware of. War dialing's kind of old school, right? This is the idea of being able to hack into modems by using a telephone bank to call up modems on systems, identifying them when they're connected. And then based on that connection, being able to go through and effectively then being able to tag the number, and say, let me call back in, and let me hack in based on that. I don't know if you guys saw the movie War Games years ago with Matthew Broderick and Ally Sheedy. They were both like 12 years old in this movie, one of the first movies they were in. But the whole premise of the movie, if you haven't seen it, is built around war dialing. Matthew Broderick's character effectively hacks into the US government's supercomputer that's doing war games and almost starts World War III. And he does it by war dialing. They actual show you, in the very beginning of the movie, the exact concept of war dialing. Because he's got his old 1200 Hayes baud modem hooked up, and his computer's auto-dialing through all the numbers on a list. Tags the numbers that are active with modems, comes back, he goes through and decides to hack into several of them. Hits what he thinks is a gaming software company and tries to get in, finds a menu of games. Of course, the common sense dictates that global thermal nuclear war would be a good choice. You want to play that game online, not knowing where it's coming from. So he chooses that and almost starts World War III. But the idea behind it is that he war dials and hacks into the computer, and the movie then unfolds and talks about how that whole thing happens. So we don't see this much anymore. War dialing is really limited to the concept of a modem, and if there are no modems, really have no reason to war dial. But what we may be able to do is war drive. War drive's an updated, newer version of war dialing. War driving is the wireless equivalent of war dialing. It allows us to search for rogue access points and find open access points by driving around with a wireless signal locator that allows us to then interact and connect to them. The process I explained to you just a couple minutes ago about showing up at a company, probing for wireless access points, and then trying to connect to them would be an example of war driving. We may actually drive around literally, right, in a car looking for open access points. We may walk around. We may just have a coverage map that tells us where they are. You can go online these days, by the way, and you can look for war driving coverage maps that people have put together for downtown areas all over the United States and all over the world. And as a result, you can find all the open access points. I use these sometimes when I travel. I'll go out and I'll check ahead, find out where the open access points are that are freely and publicly available, that people have identified in a city. So I know when I'm there working, I can find wireless if I need to, right? because there may not be a Starbucks or who knows what close by. But yet I know that there's an open access point in this coffee shop, or wherever it is. So I'll go online, and I'll Google for, and I'll check out these maps. You should think about doing the same. Be interesting to see whether or not your companies are on that list, and if they are, how many open access points you may have. Would definitely be something for you to be aware of. We'll take a break for just a second here as we continue our conversations thinking about not just war driving, and not just war dialing. But all the other things that we're going to want to consider as we continue our conversations in this area. Thinking about penetration testing, which is going to be something we're going to be coming up and discussing. And as soon as we come back from our break, we're going to go ahead and talk about pen testing.
